A former software engineer at Ubiquiti Networks has been sentenced to six years in prison for stealing gigabytes of data from the company, attempting to extort millions of dollars, and harming the company’s reputation in the media. The engineer, Nickolas Sharp, was ironically assigned to investigate the hack he had committed. He had taken advantage of his privileged employee access to steal the data, deleted logs that could have identified his involvement, and anonymously demanded a ransom of approximately US $2 million for the safe return of the data. When Ubiquiti refused to pay, Sharp published some of the stolen files online and contacted a cybersecurity journalist pretending to be a whistleblower within the company. Media stories of security failings at Ubiquiti caused a 20% fall in the business’s share price and the loss of over US $4 billion in market capitalisation.
Sharp’s undoing was a brief outage in his VPN service, which caused his real IP address to be logged. He entered a guilty plea in February of this year to charges of wire fraud, making false statements to FBI investigators, and transmitting a program to a protected computer that intentionally caused damage. This week, in addition to his prison sentence, Sharp was also sentenced to three years of supervised release and ordered to pay restitution of $1,590,487. This extraordinary story highlights the internal threat posed by insiders and rogue employees who have access to sensitive company and customer data.
Key points:
– A former software engineer at Ubiquiti Networks has been sentenced to six years in prison for stealing company data, attempting to extort millions of dollars, and harming the company’s reputation in the media.
– Sharp had been assigned to investigate the hack he had committed and had taken advantage of his privileged employee access to steal data and delete logs.
– He anonymously demanded a ransom of US $2 million for the safe return of the data, but when Ubiquiti refused to pay, he published some of the stolen files online and contacted a cybersecurity journalist pretending to be a whistleblower within the company.
– Media stories of security failings at Ubiquiti caused a 20% fall in the business’s share price and the loss of over US $4 billion in market capitalisation.
– Sharp’s VPN service briefly went down, causing his real IP address to be logged and leading to his guilty plea and sentencing. This case highlights the internal threat posed by insiders and rogue employees who have access to sensitive company and customer data.
